News:

At Osclass we have changed our Privacy Policy and Terms of Use in order to adapt them to the new General Data Protection Regulation (GDPR). We want you to know what user data we store, what we need them for, and who we share them with in each specific case. Furthermore, we are making it even easier for you to exercise your right to manage your own data.

Our goal is that you enjoy the best possible experience with our website. As the GDPR comes into force, legislation requires us that you grant us permission—both to us and our partners—to store cookies in your browser. Remember you can find more information about what we do with your data by clicking here.

Author
Topic: OsClass cookie secure flag (Read 148 times)

just had a security check done on my website/server and there was a cookie issue. After some analysis I found that most cookies including the OsClass cookie do not use the Security Flag when a new session starts. For some reason it is better to set it to true if you use https so what you can do for a fix is this:

Find file "oc-includes/osclass/core/Session.php" and go to function "function session_start()"Inside the function add the following code:

if ( defined('COOKIE_DOMAIN') ) { $currentCookieParams["domain"] = COOKIE_DOMAIN; }To test you can use developer tools in your browser and check the cookies and their security status before and after this code change. NB. don't forget to clear your cache/cookies when testing the scenario's

P.s. make sure ALL cookies in use by your website have the flag set to true (ie. plugins/themes)